Fix the bug from the latest test case.

diff --git a/src/apply-default-acl.c b/src/apply-default-acl.c
index 5fea3a30a6efcb9c7359d5f9a19d25de7ead83e5..0f7e9ae91deb8c477c0fbae6b8161fc8d6fa2850 100644 (file)
--- a/src/apply-default-acl.c
+++ b/src/apply-default-acl.c
@@ -380,6 +380,7 @@ int acl_execute_masked(const char* path) {
 }
 
 
+
 /**
  * @brief Determine whether @c path is executable (by anyone) or a
  *   directory.
@@ -435,6 +436,23 @@ int any_can_execute_or_dir(const char* path) {
   int ge_result = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry);
 
   while (ge_result == ACL_SUCCESS) {
+    /* The first thing we do is check to see if this is a mask
+       entry. If it is, we skip it entirely. */
+    acl_tag_t tag = ACL_UNDEFINED_TAG;
+    int tag_result = acl_get_tag_type(entry, &tag);
+
+    if (tag_result == ACL_ERROR) {
+      perror("any_can_execute_or_dir (acl_get_tag_type)");
+      result = ACL_ERROR;
+      goto cleanup;
+    }
+
+    if (tag == ACL_MASK) {
+      ge_result = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry);
+      continue;
+    }
+
+    /* Ok, so it's not a mask entry. Check the execute perms. */
     acl_permset_t permset;
 
     int ps_result = acl_get_permset(entry, &permset);
@@ -452,7 +470,7 @@ int any_can_execute_or_dir(const char* path) {
     }
 
     if (gp_result == ACL_SUCCESS) {
-      /* Only return one if this execute bit is not masked. */
+      /* Only return ACL_SUCCESS if this execute bit is not masked. */
       if (acl_execute_masked(path) != ACL_SUCCESS) {
        result = ACL_SUCCESS;
        goto cleanup;